NYC Traffic Ticket spam is really Blackhole malware attack

Filed Under: Malware, Spam

Don't be too quick to believe that the New York State police are charging you with a traffic offence - that email you just opened in your inbox could actually be an attempt to infect your computer.

The team at SophosLabs have been intercepting a malicious spam campaign today which tries to trick the recipient into believing that they were caught speeding.

Here's what a typical email used in the attack looks like:


Subject: NYC Traffic Ticket [id number]

Message body:

New York State * Department of Motor Vehicles
UNIFORM TRAFFIC TICKET

NEW YORK STATE POLICE * POLICE AGENCY

Local Police Code

THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS

Time: 7:18 AM
Date of Offense: 09/12/2011

IN VIOLATION OF
NYS V AND T LAW DESCRIPTION OF VIOLATION:
SPEED OVER 55 ZONE
TO PLEAD, PRINT CLICK HERE AND FILL OUT THE FORM

Of course, if you have your head on straight you might ask yourself how the New York police could possibly have your email address (or at least how they would have connected it to your car). Or you might realise that the message is clearly spam as you weren't anywhere near New York on the day in question.

But plenty of people won't have their head on straight, and - in their fluster - might click on the link without thinking. That's what the cybercriminals are banking on.

Malware authors have used a very similar disguise in the past, tricking users into opening a dangerous attachment.

On this occasion, however, there is no attachment. Instead, a link takes users to a website playing host to the Blackhole exploit kit - within seconds visiting computers can be infected via Adobe Flash and PDF exploits, detected by Sophos products as Troj/SWFExp-AI and Troj/PDFEx-GD.

We've certainly seen lots of attacks involving the Blackhole exploit kit lately, including rejected wire transfer notifications and fake Facebook photo tag notifications.

Keep your anti-virus software up-to-date, your operating system and applications patched, and - essentially - your wits about you.
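As an added defensive example (not code from the article or from SophosLabs), here is a small Python triage heuristic a mail gateway could run that flags messages combining this lure's wording with a link to a non-government host; the sample message, the trusted-domain list (ny.gov) and the `.invalid` placeholder link are all assumptions constructed for the example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse
# Constructed sample modelled on the lure quoted above; the link is a placeholder, not a campaign URL.
SAMPLE_EMAIL = """\
Subject: NYC Traffic Ticket 4481293
Content-Type: text/html

<html><body>New York State * Department of Motor Vehicles<br>UNIFORM TRAFFIC TICKET<br>
NEW YORK STATE POLICE * POLICE AGENCY<br>Date of Offense: 09/12/2011<br>SPEED OVER 55 ZONE<br>
TO PLEAD, PRINT <a href="http://example.invalid/ticket.php?id=4481293">CLICK HERE</a> AND FILL OUT THE FORM</body></html>
"""
SUBJECT_RE = re.compile(r"^NYC Traffic Ticket\s+\d+", re.I)
BODY_MARKERS = ("UNIFORM TRAFFIC TICKET", "NEW YORK STATE POLICE", "CLICK HERE")
HREF_RE = re.compile(r"""href=["']([^"']+)["']""", re.I)
TRUSTED_SUFFIXES = ("ny.gov",)  # assumption: a genuine NYS notice links only under ny.gov

def message_text(msg):
    # Concatenate the decoded text/* parts (walk() yields the message itself if single-part).
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def untrusted_links(text):
    # Hrefs whose host is not under a trusted government suffix.
    bad = []
    for url in HREF_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES):
            bad.append(url)
    return bad

def triage(raw_email):
    # The lure wording alone is weak evidence; lure wording plus a non-government link is the signal.
    msg = message_from_string(raw_email)
    text = message_text(msg)
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        reasons.append("subject matches NYC Traffic Ticket lure")
    hits = [m for m in BODY_MARKERS if m.lower() in text.lower()]
    if len(hits) >= 2:
        reasons.append("body carries ticket-lure phrases: " + ", ".join(hits))
    links = untrusted_links(text)
    suspicious = bool(reasons) and bool(links)
    if suspicious:
        reasons.append("lure links to a non-government host")
    return {"suspicious": suspicious, "reasons": reasons, "links": links}
```

A message with the same wording but links only under the trusted suffix is reported with its reasons yet not flagged, so the rule keys on the link target rather than the scary text alone.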

Hat-tip: Thanks to SophosLabs researcher Przemek Miozga for his assistance with this article.

New York traffic cop image from Shutterstock.


5 Responses to NYC Traffic Ticket spam is really Blackhole malware attack

  1. MikeP · 757 days ago

    Joins the ranks of those purporting to be from the FBI, etc. threatening you with arrest or worse. Trouble is I live in the UK and they have absolutely no jurisdiction here so the emails are obviously spam and possibly malicious. And they so often can't spell properly either!

  2. Timelord · 756 days ago

    I'm probably old-fashioned,
    BUT:
    Doesn't anybody check first if they really have gotten a ticket?
    The place?
    The date?
    The time?

    Besides, who 'REALLY' trusts our friend and helper these days?
    Especially when it comes via email - where the heck did they get my email addy from?

  3. John (Tech Writer) · 756 days ago

    Got it. Sent a message to NY State Police, asking if they had seen it (or actually sent it). Thought you'd be interested to know that they referred me to this blog.

    Interesting. But why would anyone want to do such a thing? What possible joy could anyone get from downloading an infection onto my computer? Bah!

    Jail them. Throw away the key.

  4. ian · 756 days ago

    Disagree about the FBI jurisdiction. If they want you, they get you.

  5. FBI is really so hard in its own rule as well! Just a quick note to tell you that I have a passion for the topic "NYC Traffic Ticket" at hand. Thanks!!!!!!!!!


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.